[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Use of AES as prf in IKEv2

To: Charlie_Kaufman@notesdev.ibm.com
Subject: Re: Use of AES as prf in IKEv2
From: Uri Blumenthal <uri@bell-labs.com>
Date: Wed, 19 Mar 2003 13:05:24 -0500
Cc: Hugo Krawczyk <hugo@ee.technion.ac.il>, ipsec@lists.tislabs.com
Disposition-Notification-To: Uri Blumenthal <uri@bell-labs.com>
Organization: Lucent Tehcnologies / Bell Labs
Original-CC: Hugo Krawczyk <hugo@ee.technion.ac.il>, ipsec@lists.tislabs.com
References: <OF4254DC4D.D427CDC5-ON85256CEE.000176AF-85256CEE.0001D78C@notesdev.ibm.com>
Sender: owner-ipsec@lists.tislabs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.2) Gecko/20030208 Netscape/7.02

Charlie,

I'm looking into this right now and would like a couple
of days - till SAAG meeting - to possibly make a proposal.
Out of hand, what you proposed looks OK.


Charlie_Kaufman@notesdev.ibm.com wrote:
> Having seen the alternatives, I withdraw my earlier objection to Hugo's
> proposal for dealing with prf functions with fixed length keys. His
> recommendation was that if the prf takes a fixed length key, we take the
> first bits of the initiator's nonce as the first half and the first bits of
> the responder's nonce as the second half. Not part of his suggestion, but
> to make the proposal fully specified in all cases, I'd add that if either
> nonce is shorter than half the fixed length key that it be padded with zero
> bits.
> 
> Does anyone object?
> 
>           --Charlie
> 
> Opinions expressed may not even be mine by the time you read them, and
> certainly don't reflect those of any other entity (legal or otherwise).
>

References:
- Re: Use of AES as prf in IKEv2
  - From: Charlie_Kaufman@notesdev.ibm.com

Prev by Date: Newbie ESP Question
Next by Date: RE: Newbie ESP Question
Prev by thread: Re: Use of AES as prf in IKEv2
Next by thread: Re: Use of AES as prf in IKEv2
Index(es):
- Date
- Thread